Key stream cipher device

ABSTRACT

A symmetric key stream processor  60  that encrypts and decrypts text in accordance with the RC4 algorithm has a main processing block  62  and a host interface  64 . The main processing block  62  includes an Sbox memory  78  implemented with a synchronous dual-port RAM and an encryption logic block  80  with a finite state machine. The dual port memory architecture is used for efficiency during permutation and message processing.

BACKGROUND OF THE INVENTION

[0001] The present invention is directed to key stream ciphers and moreparticularly to a hardware architecture that supports the RC4 algorithm.

[0002] A cipher is a cryptographic algorithm used for encryption anddecryption. A stream cipher is a type of encryption algorithm thatencrypts data using a keystream, which is a sequence of bits used as akey. More specifically, a stream cipher, as opposed to a block cipher,processes a variable- length message stream. In a symmetric keyalgorithm, the same key is used for both encryption and decryption ofdata. Encryption is accomplished by combining the keystream with theplain text, usually by exclusive-ORing (XOR) the keystream and the plaintext. Decryption is accomplished similarly, by combining (XORing) thekeystream with the cyphertext.

[0003] The most widely used stream cipher today is RC4 (RC4 is aregistered trademark of RSA Security Inc.), which was developed in 1987by Ron Rivest. RC4 is used in many commercial cryptography products forfile encryption and secure communications, including Lotus Notes, AppleComputer's AOCE, and Oracle Secure SQL. It is also part of the CellularDigital Packet Data specification.

[0004] RC4 is a variable-key size stream cipher with byte-orientedoperations. The algorithm is based on the use of a random permutationand the period of the cipher is likely to be greater than 10¹⁰⁰. RC4uses a 256 byte table substitution box (Sbox) that is initialized andpermuted with a variable sized key. That is, the table entries are apermutation of the numbers 0 through 255, and the permutation is afunction of the variable-length key. Each byte of the plaintext to beencrypted is XORed with a random byte from the table and the tablecontents are continually shuffled as each byte of the message isprocessed.

[0005] RC4 is usually implemented in software using one or more generalpurpose processors. However, an ever growing demand for bulk dataencryption in wireless and wire line networks is driving the need forhardware accelerators and co-processors capable of processing datafaster than existing software implementations.

BRIEF DESCRIPTION OF THE DRAWINGS

[0006] The foregoing summary, as well as the following detaileddescription of preferred embodiments of the invention, will be betterunderstood when read in conjunction with the appended drawings. For thepurpose of illustrating the invention, there is shown in the drawingsembodiments that are presently preferred. It should be understood,however, that the invention is not limited to the precise arrangementsand instrumentalities shown. In the drawings:

[0007]FIG. 1 is a high-level flow chart of the RC4 algorithm;

[0008]FIG. 2 is a high-level flow chart of a permutation step of the RC4algorithm in accordance with the present invention;

[0009]FIG. 3 is a high-level flow chart of a message processing step ofthe RC4 algorithm in accordance with the present invention;

[0010]FIG. 4 is a schematic block diagram of a symmetric key streamcipher device in accordance with an embodiment of the invention;

[0011]FIG. 5 is a schematic block diagram of an Sbox memory of thesymmetric key stream cipher device of FIG. 4;

[0012]FIG. 6 is a schematic block diagram of an address decoder of thesymmetric key stream cipher device of FIG. 4;

[0013]FIG. 7 is a schematic block diagram of a key byte pointer of thesymmetric key stream cipher device of FIG. 4; and

[0014]FIG. 8 is a schematic block diagram of a message processing blockof the symmetric key stream cipher device of FIG. 4.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

[0015] The detailed description set forth below in connection with theappended drawings is intended as a description of the presentlypreferred embodiments of the invention, and is not intended to representthe only forms in which the present invention may be practiced. It is tobe understood that the same or equivalent functions may be accomplishedby different embodiments that are encompassed within the spirit andscope of the invention. In the drawings, like numerals are used toindicate like elements throughout.

[0016] The present invention is an encryption engine or hardwareaccelerator that supports the RC4 algorithm. The encryption engineincludes a finite state machine that operates in four modes,initialization, permutation, message processing, and idle/ready. Theengine also has an Sbox memory that is accessed using four pointers. Aprogrammable counter is used to select each byte of the variable sizedkey during Sbox permutation. Preferably, the Sbox is implemented with adual port PAM and a read-ahead approach is used to maximize datathroughput. Additionally, a working register is used to double bufferthe input to allow new data to be written while the current sub-messageis being processed.

[0017] Referring now to FIG. 1, a high-level flow chart of the RC4algorithm is shown. The algorithm has three main steps or phases. Thefirst step 10 is an initialization step in which the Sbox or state tableis initialized. The Sbox is initialized by setting each location equalto an index value. For example, for a 256 element array, then for i=0 to255, Sbox[i]=i. A second, key array of the same size is filled with thekey value, repeating bytes as necessary.

[0018] The second step 12 generates permutations of the Sbox entrieswith a variable length key and stores them back into the Sbox. Anexample of the second, permutation step 20 follows.

[0019] for i=0 to 255:

[0020] j=(j+Sbox[i]+Key[i]) mod 256

[0021] swap Sbox[i] and Sbox[j].

[0022] The Sbox now contains random permutations of its originalentries. Further, the Sbox evolves with use. The index i ensures thatevery entry changes and the index j ensures that the entries changerandomly.

[0023] In a third, message processing step 14, random Sbox entries areused to either convert a message to ciphertext or recreate a messagefrom ciphertext. Pseudo code for the message processing step 30, inwhich a message is converted to ciphertext follows.

[0024] i=j=0;

[0025] for each byte of the message,

[0026] begin

[0027] i=(i+1) mod 256

[0028] j=(j+Sbox[i]) mod 256

[0029] swap Sbox[i] and Sbox[j]

[0030] k=(Sbox[i]+Sbox[j]) mod 256

[0031] ciphertext byte =message byte XOR Sbox[k]

[0032] end.

[0033] In order to decrypt an encrypted message, only the XOR step ischanged, such that a message is equal to ciphertext XORed with Sbox[k].

[0034] Referring now to FIG. 2, a flow chart of the permutation step inaccordance with the present invention is shown. The present inventionrecognizes and takes advantage of the fact while the value of index “j”is dependent on the index “i”, the index “i” is a simple counter from 0to 255. Thus, using the appropriate hardware, Sbox[i+1] can be read atsubstantially the same time as Sbox[j]. Although the algorithm becomesmore complex, a hardware implementation using a dual-port RAM eliminatesthe need to read Sbox[i] and Sbox[j] in separate cycles.

[0035] In a first step 20, certain variables and the indexes i and j areinitialized. That is, indexes i and j are set to zero and variable K isset to Sbox[0]. The variable K is used later during a swapping step. Ina next step 22, the RC4 permutation calculation is performed. Thepermutation calculation is performed according to equation 1.

j=(j+K+key[i mod(key_length+1)])mod 256  (1)

[0036] The difference from the standard RC4 algorithm is the use of thevariable K instead of Sbox[i]. In the first iteration, K=Sbox[0].However, in subsequent iterations, K is equal to sbox_next_i, which isSbox[i+1], as defined at step 30. It will be understood by those ofskill in the art that “key[i mod(key_length+1)]” could be replaced withkey[i].

[0037] In a next step 24, Sbox[i+1] is fetched and the variablesbox_next_i is set to Sbox[i+1]. Step 24 is followed by step 26, whichis a swapping step. In step 26, Sbox[i] is set to Sbox[j] and Sbox[j] isset to Sbox[i+1]. In the hardware implementation described below, anSbox register L is used to facilitate the swapping function.

[0038] Then, at a next step 28, the value of the index j is compared to(i+1). If the index j is not equal to (i+1), then step 30 is executed,which sets K equal to sbox_next_i (i.e. Sbox[i+1]). After step 28, orstep 30 if j is not equal to (i+1), the index i is incremented and thealgorithm is repeated until the index i is greater than 255, asindicated by steps 32 and 34. It is understood by those of skill in theart that the loop is not necessarily repeated 255 times, but that thevalue of i is determined by the size of the Sbox and that the moduloarithmetic also depends on the size of the Sbox.

[0039]FIG. 3 is a flow chart of a message processing step withread-ahead in accordance with the present invention. A first step 36 isthe same as the first step 20 in FIG. 2, in which certain variables andthe indexes i and j are initialized. That is, indexes i and j are set tozero and variable K is set to Sbox[0]. In a next step 38, standard RC4processing calculations are performed, followed by a swapping step 40.The standard RC4 processing calculations are setting the index i equalto ((i+1) mod 256) and the index j equal to ((j+k) mod 256). In theswapping step 40, Sbox[i] is set to Sbox[j]. However, rather thansetting Sbox[j] equal to Sbox[i], Sbox[j] is set to the variable K,which has a value of Sbox[i+1] or sbox_next_i. As in the permutationstep, the Sbox register L is used to facilitate the swapping function.

[0040] Step 40 is followed by step 42, which determines a pseudorandombyte in accordance with the RC4 algorithm. That is, M=(Sbox[i]+Sbox[j])mod 256. Next, in step 44, a byte of the ciphertext is generated byXORing a byte of the message with the pseudorandom byte from the Sbox,i.e., Sbox[M]. In a decrypting process, a byte of the ciphertext isXORed with the pseudorandom Sbox byte to recreate a byte of the message.Step 44 is followed by step 46, which checks to determine whether or notj is equal to i+1. If j is not equal to i+1, then the variable K isequated to Sbox[i+1] using the variable Sbox_next_i at step 48.Alternatively, if j is equal to i+1, then if the last byte of themessage has not yet been processed, as determined at step 50, thealgorithm is repeated by looping back to step 38. Step 48 is alsofollowed by step 50.

[0041] Referring now to FIG. 4, a schematic block diagram of a symmetrickey stream processor 60 in accordance with an embodiment of theinvention is shown. The symmetric key stream processor 60 is a hardwareaccelerator having a main processing block 62 and a host interface 64.The main processing block 62 includes a status register 66, a controlregister 68, an address decoder 70, a key register logic 72, a messageblock 74, an Sbox registers block 76, an Sbox memory 78 and anencryption logic block 80.

[0042] The host interface 64 is a bridge between a host computer orprocessor or external circuitry and the main processing block 62.However, it is understood that a host or other circuitry may be formedon the same substrate as the host interface 64 and the main processingblock 62. The host interface 64 resynchronizes the timing signals fromthe host. That is, the host interface 64 converts the timing signals toa synchronous interface for the main processing block 62. Theresynchronization of the timing signals allows for a consistent, genericinterface to the key stream processor 60 from different hosts. The hostinterface 64 passes all data, address and control signals between a hostand the main processing block 62. The host interface 64 presents asimple, memory mapped architecture, which minimizes the need for specialglue logic outside of the key stream processor 60.

[0043] The status register 66 is connected to the encryption logic block80 and to the host interface 64 by way of the address decoder 70. Thestatus register 66 is used to indicate the state of the key streamprocessor 60 and includes such information as busy, initializationcomplete, permutation stage complete, message processing complete, readyto receive next sub-message, and interrupt pending. In the presentlypreferred embodiment, the status register has seven bits as shown inTable 1.

[0044] Bit 0 indicates that the main processing block 62 is busy. Bit 1indicates an interrupt is pending. The cause of the interrupt can bedetermined from the bit condition bits 2-6. TABLE 1 Bit Name Cause ofAssertion 0 Busy Initializing, permuting, processing or writing tomemory 1 IRQ Interrupt pending 2 Init. Complete Sbox initializationcomplete 3 Permute complete Sbox permutation complete 4 Sub-msg completeSub-message processing complete 5 Full-msg complete Last sub-messageprocessing complete 6 Input buffer empty Next sub-message may be writtento main processing block 62

[0045] The control register 68 is connected to the host interface 64 byway of the address decoder 70. The control register 64 is used to resetthe main processing block 62 and to mask interrupts. In the presentlypreferred embodiment, the control register 68 has two bits. A first bitis for masking or disabling interrupts and a second bit is fortriggering a software reset. Similar to the software reset, thepreferred embodiment also includes a hardware reset that is triggeredvia an input to the host interface 64, e.g., a reset pin (not shown).

[0046] Referring now to FIG. 5, the Sbox memory 78 preferably comprisesa 256×8-bit synchronous dual-port RAM having 8-bit wide address and datalines. The Sbox memory 78 is connected to the address decoder 70.Further, the Sbox memory 78 includes a read/write controller 79. Thedual port RAM can be treated as two separate RAMs (A and B), with eachhaving an address (ADDR_A, ADDR_B), a data-in port (DIN_A, DIN_B),data-out port (DO_A, DO_B), and independent write enables (WE A, WE B)and chip enables (CE A, CE B). The A and B RAMs share a common clocksignal. The dual port architecture is used for efficiency duringpermutation and message processing, as described above with reference toFIGS. 2 and 3. Since dual port RAMs are understood by those of skill inthe art, further description of the RAM architecture is not required fora complete understanding of the invention.

[0047] The Sbox registers block 76 includes four 8-bit registers Sbox I,Sbox J, Sbox K, and Sbox L that store Sbox pointers I, J, K and L. TheSbox I and Sbox J registers are used to store the i and j indexes orpointers (see FIGS. 1-3) and the Sbox K and Sbox L registers aretemporary storage registers used to perform the swapping functions ofthe modified RC4 algorithm. That is, the K and L registers are used toswap the data stored in any two locations in the Sbox memory 78. TheSbox I and J registers are accessible to the host for the purpose ofcontext reads and context writes in order to restore the I and Jpointers to their current values, in the case of an interrupt, after theinterrupt processing is finished.

[0048] Although FIG. 4 shows a bus structure connecting the differentfunctional blocks of the main processing block 62, the status andcontrol registers 66 and 68 and the Sbox registers 76 preferably areconnected by a virtual bus defined by numerous internal signals andcontrolled by the encryption logic block 80 and an internal addresssignal IADDR.

[0049] Referring now to FIG. 6, a high level block diagram of a portionof the address decoder 70 is shown. The address decoder 70 includes aninput buffer 710, an output buffer 712, a decoder 714 and a selector716. The input buffer 710 receives input data IDATA from the hostinterface 64. The input data IDATA represents sbox_wr_data_a andsbox_wr_data_b shown in FIG. 5. The input data IDATA can include keydata, message text, ciphertext and control information. The input buffer710 is enabled by an IWRITE signal (i.e., wen_a and wen_b of FIG. 5)received from the host interface 64. The decoder 714 is connected to theinput buffer 710 and receives the input data IDATA. The decoder 710 alsoreceives the internal address signal IADDR from the host interface 64.As is understood by those of skill in the art, the sbox address can alsobe designated by the index registers i and j. The decoder 714 formatsand specifies the input data as key information, Sbox information, amessage, or control register data, depending on the value of theinternal address signal IADDR. The key information includes key data andkey length and is provided to the key register logic 72 and to themessage block 714. The Sbox information includes Sbox I and J indexvalues and data to be written to the Sbox memory 78. The decoder 714 canalso pass message bytes to the message block 74 by way of the encryptionlogic block 80. The decoder 714 also identifies information to be storedin the control register 68.

[0050] The output buffer 712 transmits output data ODATA from theselector 716 to the host interface 64. The output buffer 712 is enabledby an IREAD signal received from the host interface 64. The selector716, under the control of the IADDR signal, passes data to the ouputbuffer 712. The data transmitted to the output buffer 712 from theselector 716 includes data read from the Sbox memory 78 (dout_a anddout_b shown in FIG. 5), data read from the status register 66, datafrom the control register 68, data from the Sbox registers 76, andmessage or cipher text. As previously discussed, the internal addresssignal IADDR is generated by the host interface 64.

[0051]FIG. 7 is a high level schematic block diagram of one embodimentof the key register logic 72 in accordance with a preferred embodimentof the invention. The key register logic 72 includes a key register 720that in the preferred embodiment is a 16 byte (128 bits) write-onlyregister that holds the encryption key. The key register 720 includesseparately addressable blocks. That is, each byte of the key data storedin the key register 720 is separately addressable, as specificed by apointer signal, key_select. Since the key can vary in length, the keyregister logic 72 includes a 4 bit write-only register 722 that holdsthe key length, i.e., the number of bytes in the current key. In apreferred embodiment, the key length register 722 is independentlyaddressed. The key register 720 and the key length register 722 receivekey data and key length data, respectively, from the host interface 64by way of the address decoder 70.

[0052] The key register logic 72 also includes a first counter 724,which in the preferred embodiment is a 4-bit counter. The first counter724 is used to generate the pointer signal, key_select, which is used toselect a new byte of the key during Sbox permutation (FIG. 2). Each timethe first counter 724 is incremented, a new byte of the key stored inthe key register 720 is selected. Since the key length can vary, thefirst counter 724 is programmable. In order to implement the followingequations (2) and (3), the key register logic 72 includes a secondcounter 726 and a comparator 730.

key_select=count mod(key_length+1)  (2)

key_byte=key_data[key_select]  (3)

[0053] A buffer 728 is connected between the counter 726 and a 4-bit keyselect register 732. The buffer 728 is enabled when fetching the nextkey byte. The key_select register 732 stores the current key selectpointer.

[0054] Referring now to FIG. 8, the message block 74 includes a messageregister 740 and a cipher register 742. In a preferred embodiment, themessage register 740 is a 32-bit write-only register that stores plaintext and the cipher register 742 is a 32-bit read-only register thatstores encrypted text or ciphertext. The opposite is true for theinverse cipher (decryption). In the presently preferred embodiment, each32 bits of message data, referred to herein as a sub-message, stored inthe message register 740 is processed one byte at a time. The messagebyte read from the message register 740 is XORed with one byte from theSbox memory 78 (sbox_xor_byte) by a plurality of XOR gates 744 and theresulting ciphertext is stored in the cipher register 742. In FIG. 8,the XOR gates 744 each represents plural XOR gates, such as 8 XOR gates.

[0055] To reduce idle time between sub-messages, a working register 746is used to hold the sub-message while it is being processed, whichallows the host to write the next sub-message to the message register740 while the current sub-message is being processed. Upon receiving anew sub-message from the host, an internal new message flag is set. Thenew message flag in turn clears an input empty status bit. When the sub-message in the working register 746 has been processed and is stored inthe cipher register 742, the contents of the message register 740 aretransferred to the working register 746 and processed. At this point,the input empty status bit is set, indicating to the host that the nextsub-message may be written to the message register 740. Although theimplementation shown in FIG. 8 processes the message text a byte at atime, the number of XOR gates could be increased as desired. Forexample, the message text could be processed two bytes at a time or evena word at a time.

[0056] The function of the encryption logic block 80 can be broken intothree separate tasks: SBox initialization, SBox permutation, and messageprocessing. By nature, the RC4 algorithm allows some overlap of hardwareelements for these three tasks, such as counters, adders and the XORgates 744 (FIG. 8). The encryption logic block 80 is responsible forcontrolling the Sbox memory address and input data and controlling theSbox I, J, K and L registers. In the presently preferred embodiment, thehost interface 64 uses a 32-bit data bus, which allows four sequentialbytes of the Sbox memory 78 to be accessed during one host bus cycle.The Sbox memory 78 can be accessed to retrieve or restore the messagecontext (state) at any point in the message stream. The address writtento the key stream processor 60 denotes the starting address/offset inthe Sbox memory 78. A 2-bit counter's value is added to the base addressas each sequential byte is read/written to the Sbox memory 78.

[0057] As discussed with reference to FIGS. 2 and 3, to increaseperformance of permutation and message processing, the value i+1 is usedin the modified algorithm. Accordingly, an i_plus_(—)1 register (notshown) is used to hold the value of index i plus one. The i_plus_(—)1register is used to read the contents of the Sbox memory 78 at locationi+1. This read- ahead approach is possible because the value of i isalways known because it is simply the output of an 8-bit counter.

[0058] At the start of the permutation or message processing phases, aone-time read is performed to obtain the contents of the Sbox memory 78at location i=0. The contents are stored in a “dout next i” register.This value is used to calculate the index j for the first iteration. Foreach subsequent iteration, the Sbox memory 78 contents at location i+1are read in the same cycle as the contents of j. This approach makesfull use of the dual-port RAM and eliminates one read cycle. Thecalculated value of j and the data written to location j during the swapuses the value of “dout_next_i” from the previous iteration. In theevent that j=i+1, “dout_next_i” holds its value from the previousiteration. Table 2 shows the memory usage and data flow. TABLE 2 STATEINIT PERMUTE SUB-MESSAGE PROCESS Cnt_2_3 xx 0** 0 1 0** 0 1 2 ADDR_A I II + 1 I I I + 1 J K + L DIN_A I — — L — — L — WEN_A 1 0 0 1 0 0 1 0 DO_Axxx next i next i xxx next i next i xxx XOR w/MSG ADDR_B — — J J — J J —DIN_B — — — K — — L — WEN_B 0 0 0 1 0 0 1 0 DO_B xxx xxx L xxx xxx L xxxxxx

[0059] At the locations in the table including a “**” one time reads areperformed to calculate j in the next iteration. Each subsequentiteration's k value is “next i” from the previous iteration.

[0060] The encryption logic block 80 operates in accordance with afinite state machine (FSM) that has 7 states: reset, S-boxinitialization, initialization done/wait for key, S-box permutation,permutation done/wait for message, sub/full message process, andsub-message done. The state machine is dependent on the variables:Reset, Sbox write, Busy (Intializing, permuting, message processing),Full message done (last sub-message complete), and Current state. Thestate definitions are shown in Table 3.

[0061] As is apparent, the present invention provides a symmetric keystream-cipher architecture implemented in a heterogeneous integratedcircuit. More particularly, the key stream-cipher architectureimplements the RC4 algorithm. In one embodiment, the encryption engineis suitable for multi-mode and multi-band cellular telephones. It is tobe understood, however, that this invention is not limited to theparticular embodiments disclosed, but covers modifications within thespirit and scope of the present invention as defined by the appendedclaims. TABLE 3 Context Full From To Reset_B Write Busy Done State StateDescription 0 ? ? ? ? 0 Reset 1 0 0 0 0 0 Idle (reset done) 1 0 1 0 0 1Start Sbox init 1 0 1 0 1 1 Sbox init (busy) 1 0 0 0 1 2 Sbox init done1 0 0 0 2 2 Wait for key 1 0 1 0 2 3 Start Sbox perm 1 0 1 0 3 3 Sboxperm (busy) 1 0 0 0 3 4 Perm/sub done 1 0 0 0 4 4 Wait for sub-msg 1 1 ?? ? 4 Context write 1 0 1 0 4 5 Start-msg proc 1 0 1 0 6 5 Next-msg proc1 0 1 0 5 5 Sub-msg proc 1 0 0 0 5 6 Sub-msg done 1 0 0 0 6 6 Wait fornext msg 1 0 0 1 5 0 Full msg done

1. A key stream cipher device, comprising: a key register for storing anencryption key; a counter for generating a key select pointer, the keyselect pointer specifying a portion of the encryption key stored in thekey register; an Sbox memory for storing a predetermined number of bytesof state data; a plurality of Sbox registers for storing a plurality ofSbox pointers that point to predetermined bytes of the state data storedin the Sbox memory; an encryption logic block, connected to the Sboxmemory and the key register, for initializing the Sbox memory in aninitialization mode, for generating permutations using the encryptionkey according to the RC4 algorithm in a permutation mode, andcontrolling message processing in a message processing mode; and amessage block, connected to the Sbox memory and the encryption logicblock, for processing a message when the encryption logic block is inthe message processing mode by combining selected bytes of state dataread from the Sbox memory with one of the message and ciphertext,wherein in an encryption mode, the message block encrypts the message togenerate ciphertext, and in a decryption mode, the message blockdecrypts ciphertext to recreate a message, the message block including amessage register for holding a first predetermined portion of themessage, a working register for holding a second predetermined portionof the message previously stored in the message register, and a cipherregister for storing one of a portion of the ciphertext and therecreated plaintext.
 2. The key stream cipher device of claim 1, whereinthe Sbox memory comprises a synchronous dual-port random access memory(RAM) having separate address and data lines.
 3. The key stream cipherdevice of claim 1, further comprising a host interface for passing alldata, address and control signals between a host processor and thecipher device.
 4. The key stream cipher device of claim 1, furthercomprising a status register that stores a plurality of flags indicatinga status of the modes of the cipher device, the modes including theinitialization mode, the permutation mode, and the message processingmode.
 5. The key stream cipher device of claim 4, wherein the statusregister is a read-only register.
 6. The key stream cipher device ofclaim 5, wherein the plurality of mode flags of the status registerinclude an initialization complete flag, a permute complete flag, and amessage complete flag.
 7. The key stream cipher device of claim 4,wherein the status register is updated after each time the statusregister is read.
 8. The key stream cipher device of claim 1, furthercomprising a control register for masking interrupts to the cipherdevice and for triggering a reset of the cipher device.
 9. The keystream cipher device of claim 1, wherein the encryption key comprises aplurality of bytes, said plurality of bytes being stored in the keyregister, and wherein said plurality of bytes can be defined as aplurality of sets of bytes, wherein each of said set of bytes isindependently addressable.
 10. The key stream cipher device of claim 1,wherein the encryption key has a variable length and the key registerincludes a programmable field for indicating the length of theencryption key.
 11. The key stream cipher device of claim 1, wherein themessage block includes: an XOR block for exclusive ORing the data storedin the working register with the data from the Sbox to generate one ofthe ciphertext and the recreated message text.
 12. The key stream cipherdevice of claim 11, wherein the working register is a write-onlyregister and the cipher register is a read-only register.
 13. The keystream cipher device of claim 1, wherein the plurality of Sbox registersincludes first and second index registers and first and second variableregisters, wherein the variable registers are used for swapping bytes ofthe state data stored in the sbox memory in accordance with the RC4algorithm.
 14. An improved method of encrypting a message according tothe RC4 algorithm, the RC4 algorithm including an initialization step, apermutation step and a message processing step, and a substitution boxand a key, the improvement comprising a modification to the permutationstep, the modified permutation step comprising the steps of:initializing first and second index values i and j; initializing a firstvariable K; performing a permutation calculation as: j=(j+K+key[i])modn, where n is a length of the key; reading a next value from thesubstitution box, the next value being pointed to by the index i plusone; setting a value at the substitution box location pointed to by theindex i with a value at the substitution box location pointed to by theindex j; setting a value at the substitution box location pointed to bythe index j with the variable K; comparing the values of the indexes iand j; setting the variable K equal to the next value read from thesubstitution box in the reading step; incrementing the index i; andrepeating the above steps starting with the performing step apredetermined number of times.
 15. The improved encryption method ofclaim 14, wherein in the variable K is set equal to the next value readfrom the substitution box when the values of the indexes i and j are notequal.
 16. The improved encryption method of claim 14, wherein in thepredetermined number of repeating times depends on the length of thekey.